troubleshooting Question

Setting up LDAPS on Windows 2008

Avatar of clarkincit
clarkincit asked on
DatabasesWindows Server 2008
8 Comments1 Solution5964 ViewsLast Modified:
Hello,

I followed the directions here: http://support.microsoft.com/kb/321051 to set up LDAPS.  I used a certificate purchased from GoDaddy.  After rebooting, I cannot get the connection to work using ldp.exe.  I'm thinking maybe my certificate was configured incorrectly?  

The name of the server is DNSSrvr1.  The DN for the server is CN=DNSSrvr1,OU=Domain Controllers,DC=mydomain,DC=com.  I set up the request.inf file as follows:

;----------------- request.inf -----------------

[Version]

Signature="$Windows NT$

[NewRequest]

Subject = "CN=DNSSrvr1,OU=Domain Controllers,DC=mydomain,DC=com" ; replace with the FQDN of the DC
KeySpec = 1
KeyLength = 2048
; Can be 1024, 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]

OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication

;-----------------------------------------------

The certificate came back from GoDaddy for "DNSSrvr1", not the entire DN, could that be an issue?

I put the certificate in the Local Computer Personal container.

When I run the ldp.exe utility, entering either the name of the server or the IP of the server, trying them in combination with both port 636 and 3269, I get Error <0x51>: Fail to connect to DNSSrvr1.

Any ideas?  I'm not quite sure where to go from here.  I hate to go through the process of re-requesting the certificate if that isn't the issue.

Thank you,
Christine
ASKER CERTIFIED SOLUTION
Paranormastic
Cryptographic Engineer

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 8 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 8 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros